Open
Bug 903968
Opened 11 years ago
Updated 2 years ago
CSP Inline Script or Style logging has no line numbers, if caused by a script
Categories: Core :: DOM: Security, defect, P3
Tracking: NEW
People: Reporter: freddy, Unassigned
Whiteboard: [domsecurity-backlog]
Attachments: 1 file (3.41 KB, patch)
When I cause an inline script violation to be thrown (by a simple inline script tag), the error console has line numbers. But when a whitelisted JavaScript file adds inline JavaScript through document.write/innerHTML, the offending JS is logged, but *without* the line number of the offending script that causes the violation. This becomes very hard to debug when dealing with long third-party script libraries.
Comment 1 • 11 years ago (Reporter)
This is just a test and still WIP. I have yet to figure out how to probe the web console for the extra info.
Comment 2 • 11 years ago
What line number do you expect, exactly? The line number of the DOM manipulation that (possibly indirectly) led the inline script tag to try executing?
Flags: needinfo?(fbraun)
Comment 3 • 11 years ago (Reporter)
Yeah, basically. That doesn't sound like an easy thing to do, right? ;)
Flags: needinfo?(fbraun)
Comment 4 • 11 years ago
Not easily, no....
Comment 5 • 6 years ago
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046 Move all DOM bugs that haven't been updated in more than 3 years and have no one currently assigned to P5. If you have questions, please contact :mdaly.
Priority: -- → P5
Updated • 5 years ago
Component: DOM: Core & HTML → DOM: Security
Priority: P5 → P3
Summary: CSP Inline Script logging has no line numbers, if caused by a script → CSP Inline Script or Style logging has no line numbers, if caused by a script
Whiteboard: [domsecurity-backlog]
Comment 7 • 5 years ago
- Open Console https://firefox-devtools-csp.glitch.me/image
- Check the CSP error location
Firefox: image:1:1, wrong, (default location for errors?)
Chrome: image:11, correct line in JS
Updated • 2 years ago
Severity: normal → S3
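The location asked about in comments 2 and 3, the line of the DOM manipulation that introduced the inline code, can be recovered from the page side by wrapping the sinks and recording the caller's stack frame. This is an added debugging example, not code from this bug or from Firefox; `findInlineCode`, `callerFrame` and `instrumentSink` are hypothetical names, and the patterns are heuristics.

```javascript
// Added example (not Firefox or Bugzilla code); all names are hypothetical.
// Heuristic patterns for markup that a CSP without 'unsafe-inline' blocks.
const INLINE_PATTERNS = [
  ["inline-script", /<script\b(?![^>]*\bsrc\s*=)[^>]*>/i],
  ["inline-style", /<style\b[^>]*>/i],
  ["style-attribute", /<[^>]+\sstyle\s*=/i],
  ["event-handler", /<[^>]+\son[a-z]+\s*=/i],
];

function findInlineCode(html) {
  const text = String(html);
  return INLINE_PATTERNS.filter(([, re]) => re.test(text)).map(([kind]) => kind);
}

// Location of the code that called the wrapped sink. V8 stacks start with an
// "Error" header line; Firefox stacks do not, so drop it when present.
function callerFrame(stack) {
  const frames = String(stack).split("\n").map((l) => l.trim())
    .filter((l) => l && !/^Error\b/.test(l));
  return frames[1] || "unknown"; // frames[0] is the wrapper itself
}

// Wrap a method (document.write) or a setter (innerHTML) so that every call
// carrying inline code is reported with the caller's file:line:column.
function instrumentSink(target, name, report) {
  const desc = Object.getOwnPropertyDescriptor(target, name);
  const key = desc.set ? "set" : "value";
  const original = desc[key];
  const wrapped = function (...args) {
    const kinds = findInlineCode(args.join(""));
    if (kinds.length > 0) {
      report({ sink: name, kinds, caller: callerFrame(new Error().stack) });
    }
    return original.apply(this, args);
  };
  Object.defineProperty(target, name, { ...desc, [key]: wrapped });
  return () => Object.defineProperty(target, name, desc); // undo
}

// Browser usage, before the third-party library loads:
//   instrumentSink(Document.prototype, "write", console.warn);
//   instrumentSink(Element.prototype, "innerHTML", console.warn);
```

The reported `caller` frame is the line in the library that wrote the markup, which is the information the console message lacks.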